-
1.
Publication number: US20230316192A1
Publication date: 2023-10-05
Application number: US17859730
Application date: 2022-07-07
Applicant: Cisco Technology, Inc.
Inventor: Michael Roytman, Edward Thayer Bellis, IV
IPC: G06Q10/06
CPC classification number: G06Q10/0635
Abstract: In one embodiment, a method includes determining an attack tactic risk score for one or more attack tactics based on a dataset of actual loss events and determining an incident risk score for an incident based on the one or more attack tactic risk scores. The method also includes determining a priority value for an asset. The asset is associated with the incident. The method further includes generating an asset risk score for the asset based on the priority value of the asset and the incident risk score.
-
2.
Publication number: US20240333747A1
Publication date: 2024-10-03
Application number: US18360676
Application date: 2023-07-27
Applicant: Cisco Technology, Inc.
Inventor: Vincent Parla, Andrew Zawadowskiy, Blake Anderson, Hugo Mike Latapie, Oleg Bessonov, David Arthur McGrew, Michael Roytman, Tian Bu, William Michael Hudson, JR., Nancy Cam-Winget
IPC: H04L9/40
CPC classification number: H04L63/1433, H04L63/145
Abstract: In one aspect, a method includes creating a polymorphic variant of a sample of malware, analyzing the polymorphic variant of the sample of malware by a security management service to determine if the polymorphic variant of the sample of malware evades detection by the security management service, when the security management service fails to detect the polymorphic variant during the analysis of the polymorphic variant, detonating the polymorphic variant in a virtualized environment to identify characterizations of the polymorphic variant, and training the security management service to detect the polymorphic variant based on the characterizations.
-
3.
Publication number: US20240330481A1
Publication date: 2024-10-03
Application number: US18494521
Application date: 2023-10-25
Applicant: Cisco Technology, Inc.
Inventor: Michael Roytman, Vincent Parla, Andrew Zawadowskiy, William Michael Hudson, JR.
CPC classification number: G06F21/577, G06F21/31, G06F21/552
Abstract: A system and method are provided for predicting the method of exploitation and impact/scope of software vulnerabilities, thereby enabling improved remediation of the software vulnerabilities. A machine learning (ML) method receives threat-intelligence information of the software vulnerabilities and generates a threat vector based on a security category and a data or schema category of the software vulnerability. The ML method can include a first portion constrained to predict a first intermediary result corresponding to the security category of the software vulnerability. The ML method can include a second portion constrained to predict a second intermediary result corresponding to the data or schema category of the software vulnerability.
-
4.
Publication number: US20230315844A1
Publication date: 2023-10-05
Application number: US17866182
Application date: 2022-07-15
Applicant: Cisco Technology, Inc.
Inventor: Michael Roytman, Edward Thayer Bellis, IV
CPC classification number: G06F21/554, G06F16/353, G06F16/3344, G06N5/022, G06F2221/031
Abstract: In one embodiment, a method includes receiving a historical text document that is associated with a breach event. The method also includes searching for an attack tactic within the historical text document using a machine learning algorithm. The method further includes generating a probability that the attack tactic exists within the historical text document, comparing the probability to a predetermined probability threshold, and categorizing the historical text document based on the probability.
-
5.
Publication number: US20250023913A1
Publication date: 2025-01-16
Application number: US18351195
Application date: 2023-07-12
Applicant: Cisco Technology, Inc.
Inventor: Michael Roytman
Abstract: A system and method are provided for detecting malicious messages using a two-step Bayesian approach. A discrimination engine determines for each of the messages a first score and a second score. The first score represents a likelihood that the respective messages are malicious messages, and the second score represents a likelihood that they were generated by a machine learning (ML) method, such as a large language model (LLM). Using a combination of these two scores, messages with a high probability of being malicious messages are discriminated and marked as such. For example, messages for which the first and second scores exceed respective thresholds are marked as suspicious.
-
6.
Publication number: US20240330480A1
Publication date: 2024-10-03
Application number: US18356178
Application date: 2023-07-20
Applicant: Cisco Technology, Inc.
Inventor: Michael Roytman
CPC classification number: G06F21/577, G06F21/563
Abstract: A system and method are provided for predicting risks related to software vulnerabilities and thereby triaging said vulnerabilities. Input data (e.g., bug reports) are applied to a prediction engine (e.g., a machine learning (ML) method such as a large language model, a transformer neural network, or a classifier model), which outputs two or more scores for each vulnerability. A first score represents a likelihood of an exploit being developed (a threat), a second score represents a likelihood of being attacked (a greater threat), and a third score represents a likelihood of becoming a published common vulnerability and exposure (an even greater threat). Based on these scores, the vulnerabilities are triaged. Because the prediction engine is trained to make predictions using the unstructured data in bug reports, the vulnerabilities can be triaged soon after discovery, reducing the time to remediate vulnerabilities predicted to be significant threats.
-